Features

Risk Management

Xanitizer enables you to manage the internal security risks of your project and the external security risks that were introduced by libraries. Each finding is automatically classified according to its risk level.

Compliance & Standards

Xanitizer detects more than 50 different types of vulnerabilities in Java and Scala projects. Each finding is automatically assigned a CWE number and mapped to common industry standards.

Check whether your project meets leading industry standards such as the OWASP Top 10 2013/2017, a list of the most critical security risks of web applications, or the CWE/SANS Top 25, a list of the most dangerous software errors.

Root Cause Analysis

Xanitizer's unique visualizations, such as the Smart Call Graph, combined with detailed explanations allow you to identify and understand the root cause of each detected security finding. This way you can easily decide how and where to fix a vulnerability.

Review detailed explanations regarding the root cause and the attack vector of a vulnerability.

Visualize the flow of manipulated data from an entry point into your application to the location where harm can be caused.

Use interactive navigation with drill-down and auto-masking to focus on a single security finding without getting lost in too much information.

Analyze each detected security issue down to its exact source code location.

Fix the detected vulnerabilities with the provided solution proposals.

Ad Hoc Analysis

A full security analysis is not finished in a minute. To reduce the time required for a security review, Xanitizer provides an ad hoc security analysis that lets you quickly check for vulnerabilities connected to an interactively defined start or end point.

Run a "What If" analysis to check if any harm might be caused if a certain local variable is tainted or if a certain location could be reached by tainted data.

Validate the effect of your code and configuration changes.

Easy Integration

Xanitizer is designed to become an essential part of your software development life cycle (SDLC) and to let you fully automate the security analysis process.

Detect vulnerabilities already in the implementation phase of your SDLC to reduce the effort necessary to fix them.

Xanitizer has been successfully adopted by security professionals and developers from all around the world since 2013.

During our startup phase we sought a solution that was within our budget but also allowed our Application Security program to mature. We decided on Xanitizer because of its scan depth and ability to integrate into our build and deployment pipeline. Additionally, a key aspect of Xanitizer that we have leveraged is the reporting capability that has allowed us to prioritize findings and demonstrate to our regulated customers that we have a mature Application Security program.

Xanitizer is a very useful and powerful tool for Java code analysis. I'm excited about the taint analysis, which makes it possible to work through the code in a well-structured way. The integration of additional scanning tools like OWASP Dependency Check or SpotBugs provides valuable results. The enclosed tutorial is very helpful for the orientation and to understand how Xanitizer works.

More and more of our customers consider software security as a key requirement for their software projects. With Xanitizer I can easily review the existing code base to identify critical areas and recommend architectural changes that reduce their risk level.

At the current time our customers' day-to-day routine for security checks includes security source code reviews as well as classic penetration tests. For us, Xanitizer is an essential tool for checking JEE applications and is deeply integrated in our testing approaches. Comparing its capability to other larger tool creators, we appraise the usage of Xanitizer as productive and viable for the future.